Show correct "no-results" message on pipeline security tab

Summary

When a filter-combination does not contain any results, but the pipeline does have findings, we currently show this empty state component:

while it should be (and this is the case for the project vulnerability report page), this empty state component:

Cause

When pipeline_security_dashboard_graphql is enabled, the vulnerability_list.vue is used and that already has support for showing the latter "filter produced no results" empty state. However, it requires 2 injections in vue: hasVulnerabilities and noVulnerabilitiesSvgPath. These are not provided vulnerability_report_data in the pipeline_helper.rb.

Possible fixes

Provide has_vulnerabilities and no_vulnerabilities_svg_path in vulnerability_report_data_entity.rb and update pipeline_report_options.js such that these are provided into vue.

1. has_vulnerabilities indicates whether the pipeline has findings
2. no_vulnerabilities_svg_path should link to image_path('illustrations/empty-state/empty-search-md.svg')

Implementation Plan

frontend

1. Update pipeline_report_options.js such that hasVulnerabilities and noVulnerabilitiesSvgPath are extracted from dataset and returned.

backend

1. Include has_vulnerabilities in ee/app/serializers/security/vulnerability_report_data_entity.rb which is a boolean that indicates whether there are security findings at all in the pipeline. Use pipeline.security_findings for this.
2. Include no_vulnerabilities_svg_path in ee/app/serializers/security/vulnerability_report_data_entity.rb that links the image path 'illustrations/empty-state/empty-search-md.svg'. Use ActionController::Base.helpers.image_path('illustrations/empty-state/empty-search-md.svg').